Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security: keep your systems
up to date with the latest patches, use security software, and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
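As an added example (not BrickLink's code), the detection logic a defender might run over login telemetry to separate the credential-stuffing profile described above from single-account brute force and ordinary typos; the log format, addresses, usernames and thresholds are constructed for illustration.

```python
"""Credential-stuffing detection over constructed login telemetry.

Added example, not BrickLink code. Credential stuffing, as the announcement
defines it, replays username/password pairs leaked from other sites against
many different accounts. In login logs that looks unlike both normal use and
single-account brute force: one source tries many distinct usernames, mostly
failing, and the few successes are accounts whose owners reused a password
and therefore need a forced reset.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class LoginEvent:
    ts: datetime
    src_ip: str
    username: str
    success: bool


def parse_line(line: str) -> LoginEvent:
    """Parse one line of the constructed format '<iso-ts> <ip> <user> <OK|FAIL>'."""
    ts, ip, user, result = line.split()
    return LoginEvent(datetime.fromisoformat(ts), ip, user, result == "OK")


def detect_stuffing(events, window=timedelta(minutes=10),
                    min_users=5, max_success_ratio=0.3):
    """Flag sources matching the stuffing profile inside a sliding window:
    at least `min_users` distinct usernames with a success ratio no higher
    than `max_success_ratio`. Returns {src_ip: sorted usernames that logged
    in successfully from that source}. Thresholds are assumptions for
    illustration and must be tuned on real traffic."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_ip[ev.src_ip].append(ev)

    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the window spans at most `window`.
            while evs[end].ts - evs[start].ts > window:
                start += 1
            win = evs[start:end + 1]
            if len({e.username for e in win}) < min_users:
                continue  # one account hammered, or a user's typos: not stuffing
            if sum(e.success for e in win) / len(win) <= max_success_ratio:
                hits = {e.username for e in win if e.success}
                flagged[ip] = sorted(set(flagged.get(ip, ())) | hits)
    return flagged


# Constructed sample log (RFC 5737 documentation addresses, fictional users).
# 203.0.113.7 sprays eight accounts and gets into two: the stuffing profile.
# 198.51.100.9 hammers one account: brute force, a different pattern.
# 192.0.2.5 is a legitimate user who mistyped a password once.
SAMPLE_LOG = """\
2023-11-03T09:00:01 203.0.113.7 alice FAIL
2023-11-03T09:00:03 203.0.113.7 bob FAIL
2023-11-03T09:00:04 203.0.113.7 carol OK
2023-11-03T09:00:06 203.0.113.7 dave FAIL
2023-11-03T09:00:07 203.0.113.7 erin FAIL
2023-11-03T09:00:09 203.0.113.7 frank FAIL
2023-11-03T09:00:10 203.0.113.7 grace OK
2023-11-03T09:00:12 203.0.113.7 heidi FAIL
2023-11-03T09:01:00 198.51.100.9 mallory FAIL
2023-11-03T09:01:01 198.51.100.9 mallory FAIL
2023-11-03T09:01:02 198.51.100.9 mallory FAIL
2023-11-03T09:01:03 198.51.100.9 mallory FAIL
2023-11-03T09:01:04 198.51.100.9 mallory FAIL
2023-11-03T09:01:05 198.51.100.9 mallory FAIL
2023-11-03T09:02:00 192.0.2.5 ivan FAIL
2023-11-03T09:02:08 192.0.2.5 ivan OK
"""


def analyse(log_text: str) -> dict:
    """Parse a whole log and return the flagged sources with their hit accounts."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return detect_stuffing(events)


if __name__ == "__main__":
    for ip, users in analyse(SAMPLE_LOG).items():
        # Defender action: force a password reset on `users`; rate-limit or block `ip`.
        print(f"{ip}: credential stuffing suspected; accounts to reset: {users}")
```

Real campaigns rotate through proxy pools, so the same profile should also be evaluated per network range or site-wide (distinct usernames failing per minute); the accounts it surfaces are the ones a targeted password reset, as discussed in this thread, applies to.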
1. Prioritise adding 2FA. The community has been calling for this for years.
2. It was pretty clear from the outset that this was likely a credential stuffing
incident, both because the attackers accessed mostly low feedback accounts, and
because Bricklink had zero defenses against such an attack.
3. Bricklink overreacted. I understand that the attackers were using these accounts
to post fake listings and scam buyers, and that required a more urgent response,
but a password reset would have sufficed rather than an extended period of downtime.
4. Bricklink needs to find a balance between executing on the promotional objectives
of Lego's marketing team (MOC shop, BDP, XP etc) and the actual needs of
buyers and sellers, who mostly just want a reliable, performant, and secure marketplace
to trade genuine Lego parts.
Thanks
Firstly "A couple" means 2 not 4
1. Agreed
2. You are ignoring the ransom threat.
3. YOU ARE IGNORING THE RANSOM THREAT. BL did NOT overreact. A password reset
would have solved 1 and only 1 of the issues. They clearly stated that they
shut down to investigate and should be commended, NOT chastised for it.
4. BL is a "reliable, performant and secure marketplace to trade Lego Parts."
Wish granted
The announcement (probably wisely) does not give details of the ransom threat.
I fairly regularly receive ransom threats for sites I maintain. In general
they don't say anything more than "I've hacked your site. Send me
X Bitcoin or I will do something bad".
If a ransomer wants me to take their threat seriously, they need to include some
information that they couldn't know without having access to the website
internals. As I say, we don't know what information the ransomer had.
As I don't run a global marketplace with millions of users, and the consequences
of a ransomer carrying out any such threat would be much lower, I feel I can
safely ignore these threats.
I applaud Bricklink for taking quick and decisive action.
At the moment, BrickLink does not support two-factor authentication. However,
we will continue to increase security on our platform and will communicate about
any new security features as they become available.
As a non-native English speaker I've also been corrected for using "a
couple" to refer to 2, 3 or 4 things. But Cambridge corroborates that "a
couple" means "a few" in certain contexts:
I knew a couple that began to take the "Cambridge" view of the term. Sadly
it ended with them separating. Oh well, they at least didn't have to think about
the term's true meaning.
Not the intent - Just saying (Mitigating any potential charges to at
most 2nd degree manslaughter)
Signed: popsicle
No no no.
In that sense, a couple is just and only 2.
My couple of cents, anyway.
I know that you understand that. Just having some fun
The English language, of all the world's major languages, is a wonderful playground
of sorts, with its massive vocabulary and seemingly endless exceptions to
its rules.
Thanks for working to get us back up and running quickly. It was surprising just
how much we depend on BrickLink; I felt literally lost at times without it, so
thanks again.
Thank you and great job on stopping the issue when it became apparent and finding
out what was impacted.
What a relief. Never realized how dependent I had become on BL until these past
few days. The BL Team handled this exceptionally well.
May I suggest adding an entry to the FAQ about how to back up inventory? In reading
the Reddit and the BL Facebook groups for updates these past few days I was surprised
at how many sellers didn't have backups.
Thank you!
There is an FAQ entry about how to back up your store inventory. We've updated
it with clearer instructions about how to download your inventory as an XML file.
Thanks to you and the team for getting this turned back on quickly; given the
timing, it could have been much worse. And the offer to buy coffee for the team
still stands.
Heads up, I'm getting a 403 Forbidden error when trying to send a Drive Thru
email notification.
Sent one just after seeing your message and mine worked fine!
I was able to do a mass drive thru for my orders but individual drive thrus are
still coming up as 403 Forbidden for me.
Same here, also when I try to change the order status
Are there any plans to implement two-factor authentication for sign-in following
the issues?
Matt
At the moment, BrickLink does not support two-factor authentication. However,
we will continue to increase security on our platform and will communicate about
any new security features as they become available.
Thank you all for the work you've done! I think many of us just realized
how much we rely on Bricklink for information.
I have one question and one comment though.
Has price guide info from orders that have been identified as fraudulent been deleted?
I'm sure you noticed how the "mood" on Facebook and other social
media changed for the better once you started communicating with your users.
PLEASE start communicating a lot more with the community.
Thanks again 👍
Thank you to the BrickLink team for working tirelessly through the long days
and nights to flush out the bad actors and get the site back up and running as
quickly as possible. Definitely missed the site the last few days and am so glad
to have it back up.
I second the request to ensure the fraudulent transactions have been removed
from the price guide.
Kudos on handling this so well. As an IT professional I have worked a number
of these incidents.
Security incidents will happen; it's how the company responds to them that is vital
to protecting trust. Apart from the lack of communication initially, once you
took the wise step to go offline, your comms have been reasonable, and I am sure
as a community we got the whole "this is going to take some time".
Trust is such a uniquely human concept, but how do we "prove" a system
can be trusted? It's a huge amount of work and you have done so well. As a user
I am grateful for your hard work and the communication you provided as the incident
progressed.
You all deserve our thanks.
Best Regards
BvB.
Thank you for the kind words, and thank you everyone for your support.
Thank you for doing your due diligence. I'm grateful you decided to take
the site offline so you could do a proper incident response.
Is there any chance we could get TOTP 2FA and longer passwords?
The 15-character limit for passwords is an existing limitation that hasn't
been changed. At the moment, BrickLink doesn't support two-factor authentication.
However, we will continue to increase security on our platform and will communicate
about any new security features as they become available.
Thank you for being so transparent and proactive!
In Administrative, Admin_Russell writes:
Dear BrickLink members,
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
For good reason we are currently experiencing a very high load on our systems
due to seller activity.
We understand that everyone is keen to get everything back in order so we have
temporarily paused the cart algorithm for the MOC Pop-up store to increase capacity.
Many thanks to everyone at BrickLink for all the hard work of getting everything
back up and running for us!
It would be really good if the site could implement (optional) support for some
form of 2-factor authentication (such as TOTP through an authenticator app or
maybe even hardware key support). Done correctly 2FA makes credential stuffing
and other similar hacks impossible.
Thank you for the feedback. At the moment, BrickLink does not support two-factor
authentication. However, we will continue to increase security on our platform
and will communicate about any new security features as they become available.
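To show what the TOTP option requested above actually involves on the server side, here is an added example written for this page (not BrickLink's code or any existing library): an RFC 6238 verifier with a small clock-drift window and a replay check. The secret and timestamps are the RFC 4226/6238 published test vectors; the one-step drift window and the "never accept a step twice" policy are assumptions about a reasonable server policy.

```python
"""Hypothetical server-side TOTP helper (RFC 4226 HOTP + RFC 6238 TOTP).

Why this blunts credential stuffing: a username/password pair leaked from
another site still does not yield a valid six-digit code, because the code
is derived from a per-account secret that was never part of that leak.
"""
import base64
import hashlib
import hmac
import struct
from typing import Optional, Tuple

# Constructed for illustration: the RFC 4226 / RFC 6238 SHA-1 test secret,
# not a value from any real account.
RFC_TEST_KEY = b"12345678901234567890"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to `digits` decimal digits (zero-padded)."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(key, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(key, unix_time // step, digits)


def decode_base32_secret(secret: str) -> bytes:
    """Authenticator apps share the secret as (often unpadded) base32;
    strip spaces, re-pad to a multiple of 8 and decode."""
    s = secret.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def verify_totp(key: bytes, submitted: str, unix_time: int,
                last_used_step: Optional[int] = None,
                window: int = 1, step: int = 30,
                digits: int = 6) -> Tuple[bool, Optional[int]]:
    """Accept `submitted` if it matches the current step or one within
    +/-`window` steps (clock drift), but never a step at or before the
    last accepted one, so a captured code cannot be replayed even inside
    the drift window. Returns (ok, step_to_persist); the caller stores
    the returned step as the account's new `last_used_step` on success."""
    if len(submitted) != digits or not submitted.isdigit():
        return False, last_used_step
    current = unix_time // step
    for delta in range(-window, window + 1):
        candidate = current + delta
        if last_used_step is not None and candidate <= last_used_step:
            continue  # already consumed: treat as a replay
        expected = hotp(key, candidate, digits)
        # Constant-time comparison so timing does not leak digit matches.
        if hmac.compare_digest(expected, submitted):
            return True, candidate
    return False, last_used_step


if __name__ == "__main__":
    # Walk through the RFC 6238 SHA-1 vectors and the replay rule.
    for t in (59, 1111111109, 1111111111, 1234567890, 2000000000):
        print(t, totp(RFC_TEST_KEY, t, digits=8))
    ok, step = verify_totp(RFC_TEST_KEY, "287082", 59)
    print("first use accepted:", ok, "step", step)
    ok, _ = verify_totp(RFC_TEST_KEY, "287082", 61, last_used_step=step)
    print("replay accepted:", ok)
```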
We are seeing a high number of Helpdesk tickets related to entering the site
due to added security measures. We will be looking into these, just giving everyone
impacted a heads up since we are not able to answer them all right away.
Thank you to the entire team, for all the hard work and long hours!
Thanks team for getting everything back up. You have handled this situation with
care and speed. I appreciate your efforts and fortunately my store (and inventory)
remain intact. Cheers, Mike
Why weren't all stores set to closed status until passwords were changed?
Makes it hard to tell which stores are active and which are not.
We had not planned to close all seller stores. However, due to a delay in providing
access to accounts, we decided to close the remaining stores waiting for admin
help last night.
Why do I keep getting this "update your password" message?? I already did that.
We can assume that everyone who can access BL again has changed their password,
since that was required, so there is no need for that message.
Thank you for the BL team's big effort these last days! Good job.
I can't believe how much I missed BrickLink. I can finally start my
little project!
Many thanks to the BL team for all the effort.
Is it possible for the IT team to add the IP address to the e-mail login notice?
Great thanks for unlocking our favourite site!
So good to be back! Huge thanks and well done to all the team for getting us
back up and running again. Job well done. Go and get some sleep now people!
Thanks for taking care, even if took a few days. Better safe than sorry!
Thanks Team. You realise what you appreciate at the moment you do not have it
anymore. Keep up the good work!
Good to see you back. A big THANK YOU for the quick fix!
Great to be back!! Many, many thanks Bricklink team for your work these days
and for keeping us posted!!
15 digits are a joke with regard to modern security recommendations
I don't think 15 digits are a joke.
(Partially taken from the web...)
26 lowercase + 26 uppercase + 10 digits + around 10 special chars = 72 possible
chars
15 char pass = 72 ^15 = 7,244,150,201,408,990,671,659,859,968 possible passwords
If BL accepts around 200,000 attempts to login per second from the same client
(LOL), it'll take 229,710,495,985,825,427,183 years.
Of course that implies you don't use "TheBestPassword" (like me)
- but then almost whatever length won't change much when facing a dictionary
attack.
In short, I think 15 digits is already VERY fine - please be happy!
You're right, but password length restrictions do make me concerned about
WHY there is a length limitation.
If you're following best practices, you're storing salted password hashes,
in which case, there's no good reason to impose a length limitation (within
reason).
Because of collisions in hashing, a short password can collide with a megabyte one,
so longer does NOT mean safer.
And of course, hoping passwords aren't saved in 'plain text'... But
that's another question I won't discuss.
IMHO, as BrickLink has an old (and proud!) history of development, I guess there
are dozens of checks on this maximum value scattered everywhere, and it's a completely
separate (and non-urgent) task to find EVERY place where it's implemented
(and in various languages)...
Agree that random passwords above a certain length aren't more
secure, but allowing passwords with unconstrained length does suggest that they
are storing securely (by hashing it), rather than storing it plain/encoded/encrypted.
You're right, but password length restrictions do make me concerned about
WHY there is a length limitation.
Indeed.
If you're following best practices, you're storing salted password hashes,
in which case, there's no good reason to impose a length limitation (within
reason).
What I infer from the limitation, is that Bricklink MAY not be following best
practices here. And lord forbid that they are raw or "encrypted" in the
db. **Shudders**
15 digits are a joke with regard to modern security recommendations
The 15-character limit is an existing limitation on BrickLink passwords and has
not changed. However, we will continue to increase security on our platform and
will communicate about any new security features as they become available.
It seems like you can use more than 15 characters using the "Reset password"
function, which in turn breaks BrickStore that only accepts 15 characters (users
were confused in the past, so I added the same character limitation in BrickStore)
This would also make it impossible to later change the password on BL's account
info page...
Especially after BrickLink had a security incident requiring everyone to update
their passwords, I was definitely surprised to see this 15-char limitation.
It also tripped me up while changing my password on my PC (and using a password
manager). I noticed the number of asterisked characters didn't increase,
but thought that was a neat bit of password-length obfuscation.
Until I then tried logging in on another device, using the password I had saved
in my password manager. I couldn't log in.
Not because I had typed my password in incorrectly, but because BrickLink had
silently truncated my password. Also, if I recall correctly, the 15-character
limit is *not mentioned* when creating or updating your password. If it had
been, I'd still be disappointed, but at least I'd have a heads-up before
running into confusion.
The way I actually discovered the password was truncated was only because I elected
to have the browser store the password as I changed it and re-logged into BrickLink.
I was able to view the "right" password from there and get logged in
on my other device.
At the very least, pull up an error message when a person tries to input a longer
password. But ideally, yes, allow longer passwords. 256-char would be good for
a start.
(Thank you for the site -- this is my first time writing on the forum, and
I really do appreciate the existence of this place! Thank you for taking security
seriously and having the site down for as long as it took after the recent incident!)
Thank you for your feedback. The 15-character limit is mentioned on the password
reset page, but it is not displayed when you change your password on the "Account
Info" page.
Thanks Admin for your hard work and dedication! Greatly appreciated!!
Thank you for all your hard work to ensure the site's safety and continuity.
These things happen and I hope the team is getting some well-deserved rest soon!
At the moment, BrickLink does not support two-factor authentication. However,
we will continue to increase security on our platform and will communicate about
any new security features as they become available.
I know everyone's on a security kick right now, but 2FA is not wanted by
me, so no rush, thanks!
Thank you very very much for your great work! I can imagine how hard your days
and nights were; as an IT specialist I'm also fighting nearly every day against
cyber crime etc. coming from outside. Take a deep breath and be proud of yourself!
I'm glad Bricklink is back, loving this platform and was missing it so much...
Take care!!!
A big thank you for your responsiveness and the titanic work you have just
accomplished.
Just wanted to extend my thanks and praise to the entire staff at BrickLink for
their perseverance and dedication on swiftly and promptly handling this situation.
I am very glad to see the site back up and running as it’s a daily interaction
and a part of my daily life.
Thanks for the efforts to bring the site back up and running again. It's
better not to rush things when it comes to security. Hope LEGO can introduce
2FA and longer passwords here as well so this doesn't happen again.
Cheers!
Bricklink Team, as a software developer at a major financial institution, I can
empathize with this critical situation and the very long days the team must have
put in to restore the production system. I believe I speak for every Bricklink
User - Thank You!
Thank you so much for all of your hard work and dedication to the BL community.
I really appreciated being kept in the loop while this was all going on. We really
do appreciate the team.
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Welcome back and thank you for your patience. We were down for longer than anyone
would have wanted. Now that we’re back up and running, we can share with you
what’s happened.
As many of you will know, we received a threat and ransom demand on Friday, November
3rd. We’d been aware of and actively managing some limited suspicious activity
since mid-October, with unauthorized sellers offering products at huge discounts
and fraudulently accepting payment from buyers.
As soon as we were aware of the potential escalation on November 3rd, we put
the site into maintenance mode out of an abundance of caution. We did this to
protect our members and keep complete control of the platform while investigating.
We found that a relatively small number of BrickLink accounts may have been accessed.
It is important to note that there is no evidence so far that our systems were
compromised.
At this stage we believe this was a ‘credential stuffing’ incident, where
someone obtains lists of usernames and passwords from a third party, often illegally,
and opportunistically tries to use them on a website.
Actions we’ve taken
Although we know that the BrickLink site was not breached, we've further
strengthened our security. We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
We’ve informed people where we have reason to believe that their accounts or
stores may have been impacted, and reminded members of ways they can make their
accounts safer and more secure by practicing good data security. Keep your systems
up-to-date with the latest patches, Use security software and create strong,
unique passwords for each website you use.
Again, we’re sorry for the interruption and inconvenience this has caused you.
If you have any questions or concerns, have a look at the FAQ for more details,
or reach out to customersupport@bricklink.com.
Thanks for getting the site open to all again, but I do still have to complain
about the lack of communication and dearth of information posted on the only
accessible page.
This was only made more troubling when an invoice arrived by email - Was it real?
Was it a scam? How could the administrators of the site be so crass as to ask
for payment for a site that is down and not share anything else about the troubles?
That just makes me think of BrickLink TLG as greedy and out of touch.
Sorry to rant, but as in any relationship, good communication and finances are
the keys to keeping all parties happy, and neither were exhibited in this situation.
For the fees thing it’s almost guaranteed an automated system and they may have
just never had a system in place that would prevent it from being sent and they
were focused fully on security so it likely never crossed their minds or if it
did they didn’t have time to address it
Seller invoices are automated and were sent out despite the site being in maintenance
mode. We also sent an email to all sellers regarding this matter less than 24
hours after the invoices were sent.
Appreciate your quick response and bold actions to resolve. A few days of downtime
isn't that big of a deal in the long run. This is an awesome site, and
hate to see anything bad happen. Take a deep breath and keep vigilant.
Thank you to you & the team - glad things are sorted & back on line.
In Administrative, Admin_Russell writes:
Thanks for your efforts. Those who don't know how situations like this are
played out in the tech support industry will always whine about how long it took
because they have no clue as to what people behind the scenes have to go through to
manage a security breach or threat. They don't get that investigating the
issue and finding a resolution takes time. Ignore those people and know your
efforts are appreciated.
For us and probably many other larger stores, 2FA will only work properly when
it's possible to create multiple users for one account. Otherwise it will
be a pain in the **s.
For us and probably many other larger stores, 2FA will only work properly when
it's possible to create multiple users for one account. Otherwise it will
be a pain in the […].
I guess you’ll already be annoyed with the messages each time you use a new device
(And language please! Using ** instead of letters is no excuse)
Adding 2fa will be a logical way to increase security. Either GA based which
will create device dependency (and processes to reinitiate) or email (or even
sms) which will be less device dependent
Also - introduce required password change after some period of time ...
The problem is that it’s the best way to have people use weak passwords: password1,
password2….
Yes, and combined with proper password rules (length / characters / special chars
/ no reuse etc. etc.)
Humans are both lazy and industrious: they can work very hard to find ways around
more work
Example: the software may prevent using password2 after password1, but you can
use 2password, and then password3 and 4password…
In the end, you get a “gasworks”: lots of very annoying and ineffective rules
blocking good passwords and still allowing bad ones, even sometimes encouraging
the latter.
Not saying there shouldn’t be rules, just discussing/chatting on the difficulties
and despairing of human nature
I don’t know if you ever tried to discuss password policy with your less-computer
savvy friends and family
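The rotation-dodging pattern described above (password1, 2password, password3), worked through as an added example that is not from this thread or from BrickLink: a naive "not equal to the last password" rule beside a check that normalises the candidate before comparing it with the current password. The common-word list and the 12-character minimum are constructed assumptions for the example.

```python
"""Password-change policy check, added as an example (not BrickLink code).

A bare "new != previous" rule accepts password1 -> 2password -> password3,
while a check that normalises the candidate and compares it with the current
password catches the pattern. The word list is a constructed sample."""
from __future__ import annotations

import re
from difflib import SequenceMatcher

# Constructed sample of common base words; a real deployment would check
# against a breached-password list rather than a hand-written set.
COMMON_BASES = {"password", "qwerty", "welcome", "letmein", "lego", "bricklink"}

MIN_LENGTH = 12              # assumed policy minimum, not BrickLink's rule
SIMILARITY_THRESHOLD = 0.8   # ratio above which two passwords count as the same


def canonical(password: str) -> str:
    """Strip the decorations people bolt on to dodge a 'no reuse' rule:
    case, digits, punctuation and the most common symbol substitutions."""
    s = password.lower().replace("@", "a").replace("$", "s")
    return re.sub(r"[^a-z]", "", s)


def naive_reuse_check(new: str, history: list[str]) -> bool:
    """The rule the thread complains about: only exact repeats are refused."""
    return new not in history


def too_similar(new: str, current: str) -> bool:
    """True when the candidate is the current password with trivial edits."""
    a, b = canonical(new), canonical(current)
    if a == b:
        return True
    return SequenceMatcher(None, a, b).ratio() >= SIMILARITY_THRESHOLD


def evaluate_change(new: str, current: str, history: list[str]) -> str | None:
    """Return None if the change is acceptable, otherwise the reason for refusal.

    `current` is available in plaintext because the user types it to authorise
    the change; `history` holds earlier passwords, which in a real system would
    be salted hashes and therefore only support the exact-match test."""
    if new == current or new in history:
        return "exact reuse of a previous password"
    if too_similar(new, current):
        return "too similar to the current password"
    if canonical(new) in COMMON_BASES:
        return "built on a common word"
    if len(new) < MIN_LENGTH:
        return f"shorter than {MIN_LENGTH} characters"
    return None


if __name__ == "__main__":
    rotation = ["password1", "2password", "password3", "4password"]
    for previous, candidate in zip(rotation, rotation[1:]):
        print(f"{previous!r} -> {candidate!r}: naive rule accepts="
              f"{naive_reuse_check(candidate, [previous])}, "
              f"policy says={evaluate_change(candidate, previous, [])}")
    print(evaluate_change("correct horse battery staple", "password1", rotation))
```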
I guess you’ll already be annoyed with the messages each time you use a new device
YES!
Please BrickLink allow us to set it OFF in Settings.
Thank you.
For us and probably many other larger stores, 2FA will only work properly when
it's possible to create multiple users for one account. Otherwise it will
be a pain in the **s.
Regards,
AFOL Supply
If they use TOTP, add the code to a KeePass database and share it with your employees.
At the moment, BrickLink does not support two-factor authentication. However,
we will continue to increase security on our platform and will communicate about
any new security features as they become available.
Now at the latest would be the time for mandatory 2FA for all members, something
that has long been called for and can ensure the security of accounts.
Otherwise: thank you that the site is finally back online and we can trade again.
At the moment, BrickLink does not support two-factor authentication. However,
we will continue to increase security on our platform and will communicate about
any new security features as they become available.
If/when you add 2FA please allow use of hardware authentication (such as YubiKey)
without need to use additional application (I had to say it since this is exactly
what GitHub did o_0).
Additionally please allow use of passwords longer than 15 characters.
Well done on taking decisive action, and getting the site back to normal quickly.
I think getting users to reset passwords is a wise precaution.
I have two suggestions. There have been a lot of posts in this thread, and I
haven't read them all, so these may well have been covered.
1. Add Two-Factor Authentication (2FA). This is not difficult to do these days.
I'd suggest making it an opt-in feature for buyers, and mandatory for sellers.
2. Add explicit measures to protect against Cross Site Request Forgery (CSRF).
This is where your login token gets hijacked, and a fraudulent user continues
a session that has already been logged in. 2FA does not protect against this.
There are various measures that help protect against this, and I don't claim
to be an expert, but it would be a good idea to look into the possible attacks
and ensure that as many as possible are covered off.
Thank you for the suggestions! At the moment, BrickLink does not support two-factor
authentication. However, we will continue to increase security on our platform
and will communicate about any new security features as they become available.
Very happy to see the site back up again. While it did take quite a while to
work through, I felt it was necessary to conduct a thorough check of the system
for any virus, Trojan horses, or anything else that could have been left. Thankfully
the main system wasn't breached or the down time could have been a lot longer.
I did miss the site while it was down, couldn't get my BL fix!
We take the safety of BrickLink and our members very
seriously and will continue to step up security across the platform.
Can you be more specific here: Does this mean 2FA or not?
So it turns out the 'hacker's' comment that 2FA wouldn't save us was
indeed bluff. It very much would have saved us. So is Bricklink going
to prevent this from happening again? I hope 2FA will be put in place before
the devs are going to be put through another series of sleepless nights...
At this time, we can't comment on specific security measures in development.
However, we will communicate about any new security features as they become available.
Thanks for the reply. I hope it will include 2FA or something else that in this
case would have prevented the outage. Both for the team and the sellers/buyers
sake.
Dear Bricklink team and Admins, thank you very much for the great work and your
efforts after the terrible disaster on Friday. Personally, I no longer believed
that Bricklink would be online again this year. I was afraid of not coping with
the difficulties I had after the shut down. Thank you so much for your hard work
and solving this problem. All the best for the future.
Respectfully
Nick
In Administrative, Admin_Russell writes:
Thank you for all your hard work to get us back up and running.
Thanks, guys. But you should allow longer passwords and add 2FA (at least as
an option).
Otherwise I'm happy the site's running again and nothing reeeally bad
happened.
Imagine haxx0rs who don't want money and just erase everything without warning.
Increase your safety and take this as a warning.
At the moment, BrickLink does not support longer passwords or two-factor authentication.
However, we will continue to increase security on our platform and will communicate
about any new security features as they become available.
All good. Let's hope next time there is a swift recovery!
Thanks for keeping us posted, though I know we always want more information than
is available or than there's time to lay out. I've been a bit wary of
reopening next season, so I'm glad some measures are in place. 2FA (or more)
would be helpful, but of course I'm glad to see more notices of logins, etc.
If fees must climb a wee bit to get ahead of a more serious attack than this
opportunistic mess, I get it.
Please do prioritize 2FA and a real secure implementation, not just the email
or phone number verification but a cryptographically generated OTP option, and
preferably one that allows us to use any provider we want rather than just Symantec
as many larger corporations have done. This would be game changing for individual
account security.
We will continue to increase security on our platform and will communicate about
any new security features as they become available
Thanks for working hard to secure the site and for restoring it without any inventory
issues. As many have stated, 2FA would be a great feature to protect sellers
against malicious attacks. I see some stores with so many unique parts, and I'd
assume it could take thousands of hours to restore these lots manually.
I never knew that BrickLink was down until now. Great work, BrickLink admin!
Many thanks! Did just change my password. Pls try adding 2FA options for further
securing our accounts.
Kind regards
Alex
At the moment, BrickLink does not support two-factor authentication. However,
we will continue to increase security on our platform and will communicate about
any new security features as they become available.
As a long time Bricklink member, please for the love of god please please please
prioritize two factor authentication. This is dumb for 2023, especially since
Lego Corp owns this site.
LEGO don't have 2FA on their website either.
And neither does my bank BNP/Paribas, nor PayPal.
I wonder why a platform selling LEGO would.
Many of us use third-party software (BrickStore...) or APIs, and I, at least,
simply HATE 2FA. More security, less liberty.
My bank(s) (SG & Bourso) sometimes do MFA (SMS + e-mail)… but not at every login.
And the passwords are 6 or 8 digits (true digits here, no letters, no punctuation,
perfect size for your birthday or (the end of) your telephone number).
PayPal for sure has TFA, you just don't have it enabled.
I am fine with LEGO/BrickLink adding TFA as long as it is optional.
lego.com already has optional 2FA, though it's somewhat meaningless as it's
only email based. Must admit I'd entirely forgotten Paypal's was optional;
I simply can't understand why anyone who understands the problem would want
it disabled.
Yep. I always wonder why people scream for 2FA/MFA like it is the answer to everything.
I have accounts with more than a dozen financial institutions, and only two or
three of them use 2FA/MFA and it is a hassle every damn time. Not all of us in
the world want to use it or want to see it added to every single site that we
come into contact with. Why would I want 2FA/MFA on BrickLink when my PayPal
account that all transactions here go through doesn't even use it? Absolutely
bonkers.
I have 2FA on PayPal, but supposedly only on new login devices. But it seems
to forget my main tablet way too frequently, very annoying if I forget my phone.
They do. It's optional, and only email based, but it's been there for
a year or so.
If it is email based, then BrickLink also already has a similar 2FA-style alternative.
Set the password to be a completely random string of 15 digits and letters and
log in. Then each time you want to log in, use the forgot-password setting to
have a new code sent to your email. Cracking a 62^15 password is unlikely, and
if you change the password every time you log in, then if anyone does manage
to get your password, unless they use it quickly, it will soon be changed.
Was it checked whether members' emails and passwords (details) were accessed and
potentially used for "credential stuffing" on other websites?
Best Regards
Please handle the feedback removal fast, as promised. I've been waiting 4 days with
no response on the removal or the ticket. How much damage do we as a store need to
take before you guys help??
The promise to remove feedback was for accounts that had been broken into. According
to our records, your store was not compromised. Do we need to add you to the
list?
Honestly, looking at your FB, I don't think the Nov 3 incident is your main
issue.
Thanks for that update. I work on authentication flows for a very large tech
company. One of the best things that BrickLink could do to improve security dramatically,
while easing the cognitive load on users around creating and remembering passwords
(which can be attacked fairly simply), would be to set up a WebAuthn server to
allow users to ditch passwords completely in favor of passkeys, which are unphishable
(there's nothing to remember), can't be shared, and use public-private
cryptographic key pairs to authenticate. It's a bit of work, but at the end
of the day, it's where the entire tech space is heading now that they are
available from Google and Apple, and will be rolled out in Q1 on Microsoft.
Thanks,
-M
So at what point do you reply to my emails asking if you are going to credit
me for the $750 order I placed with a seller I thought was legit, that your system
did not protect me from? You have been ignoring those emails. I already did a
chargeback through my bank and they declined it, saying the purchase was authorized.
Please advise.
The site keeps bugging me to update my password but I have already done that
after the incident. It's a very strong password generated by Google. How
can I stop the annoying popup?
I did it once through the popup, then hit the X button for several days, and then
it stopped. Haven't had it in weeks, so perhaps try that.